Question on emergency stop circuit

Don't take this the wrong way please - but do you know what you're doing?

Cutting the power to everything isn't the answer.

If you're designing a safety function and need to come here, you're out of your depth already.

If it's some basic conveyor, then fine, unlikely anyone will get hurt.

If it has potential for anything more serious - get help designing it.
 
I would install a dual channel system.

Channel one: all emergency stop devices (Pushbuttons, guard switches and so on) in series to an ESR.

Channel two: each device as a PLC input for alarms.

Very common practice to use dual channels for e-stop circuits

This is NOT what a dual channel emergency stop circuit means.

A dual channel emergency stop circuit is a method of using redundancy to eliminate a single point of failure in the safety monitoring circuit. This means using normally closed contacts, where both pairs are independently monitored by a safety rated relay or controller. Test pulses or coded voltages can also be used to achieve a higher safety rating and to eliminate the possibility of failure due to short-circuiting between channels.

I would do something like this

it sure will....

No offense, but what you have proposed in this thread will not meet any kind of international safety standard requiring design using 'basic safety principles' whether that be Safety Integrity Level (SIL), Performance Level (PL) or Safety Category.

It is concerning the lack of knowledge and flippant recommendations that seem to be coming often from US posters regarding basic machine safety principles.



Hello everyone. This is my first time designing a system from scratch. The system is for a rubber injection molding press. I have the PLC all put together, wired, most of the programming done, and I am working on figuring out the emergency stop circuit now. My understanding is that when you hit the emergency stop button all functions of the machine will cease and cuts all power to everything except the controller and HMIs. I have 2 voltages, 24VDC which powers all inputs, and 110VAC which powers my outputs coming from the PLC.

My main question is, how are you able to have any sort of indicator telling the operator that the emergency stop has been pressed (such as stack light, alarm siren etc.) without having some sort of output voltage going somewhere? Is it acceptable or common practice for this to be allowed? Our current machines were built with not much thought into these things and don't have any sort of indications that it has been pressed.

I currently have a pop up window on the HMI but that's it so far.
Thanks for your input and comments!

It is not a requirement to cut the power to everything except the controller and HMIs.

The only requirement is that energy is removed from potential hazards, whether they be electric motors, pneumatic cylinders, hydraulic cylinders, or large pieces of machinery with kinetic energy and long run-down times such as large flywheels. This is most commonly done using safety rated components like safety contactors on the power circuits, safe-torque off inputs on variable speed drives, safety rated pneumatic/hydraulic dump valves, and solenoid or electromagnetically interlocked guarding.

You really need to do some more reading before jumping into this, or contact your local safety supplier such as SICK, Pilz, AB for some recommendations and help.

Even though this is geared to robot safety, this document has some good information on the fundamentals of designing a machine safety system.

Safety Categories, Performance Levels and SILs for Machine Safety Control Systems
 
Don't take this the wrong way please - but do you know what you're doing?

Cutting the power to everything isn't the answer.

If you're designing a safety function and need to come here, you're out of your depth already.

If it's some basic conveyor, then fine, unlikely anyone will get hurt.

If it has potential for anything more serious - get help designing it.

I really don't mean to sound ignorant to what is at stake here. All the functions of the machine have been taken into account along with the potential dangers of movements, pinch points etc. The way the current machines operate is if the e-stop is pressed it cuts off power to everything except the controller and no voltage anywhere except on the one side of the e-stop button. I'm not saying that the way it is currently done is correct, but I know that the machine shuts down in a safe manner. However, there is no way that indicates it has been pressed until the operator realizes it's no longer running. I'm not looking to half *** it just to get it up and running.
 
This is NOT what a dual channel emergency stop circuit means.

A dual channel emergency stop circuit is a method of using redundancy to eliminate a single point of failure in the safety monitoring circuit. This means using normally closed contacts, where both pairs are independently monitored by a safety rated relay or controller. Test pulses or coded voltages can also be used to achieve a higher safety rating and to eliminate the possibility of failure due to short-circuiting between channels.





No offense, but what you have proposed in this thread will not meet any kind of international safety standard requiring design using 'basic safety principles' whether that be Safety Integrity Level (SIL), Performance Level (PL) or Safety Category.

It is concerning the lack of knowledge and flippant recommendations that seem to be coming often from US posters regarding basic machine safety principles.





It is not a requirement to cut the power to everything except the controller and HMIs.

The only requirement is that energy is removed from potential hazards, whether they be electric motors, pneumatic cylinders, hydraulic cylinders, or large pieces of machinery with kinetic energy and long run-down times such as large flywheels. This is most commonly done using safety rated components like safety contactors on the power circuits, safe-torque off inputs on variable speed drives, safety rated pneumatic/hydraulic dump valves, and solenoid or electromagnetically interlocked guarding.

You really need to do some more reading before jumping into this, or contact your local safety supplier such as SICK, Pilz, AB for some recommendations and help.

Even though this is geared to robot safety, this document has some good information on the fundamentals of designing a machine safety system.

Safety Categories, Performance Levels and SILs for Machine Safety Control Systems

thank you
 
It is concerning the lack of knowledge and flippant recommendations that seem to be coming often from US posters regarding basic machine safety principles.

As an American, I wish I could be offended by this comment. I really really wish I could. But...
 
To your original posting....

It is not a requirement to cut power to everything. PLC inputs can (and should) be kept alive during an estop. The inputs are not dangerous to personnel.

Additionally, not all outputs need to be killed - only ones that are essential to the estop condition. I typically have two types of PLC output cards:
1. Powered through an Estop contact. In the case of an estop, these output cards have no power. This is where I would typically wire motor starters, solenoid valves, etc. that must be killed during an estop.
2. Always powered. For certain, this is where I wire pilot lights and stack lights etc that should remain operational during an Estop. I might also have some motor starters and solenoid valves wired here as well.....If those devices are not required to be down during an estop. A thorough safety assessment needs to be done to determine the proper safe operation of all equipment.

As another twist, not all equipment needs to immediately lose power during an estop. Sometimes the safety assessment dictates that the best reaction is to control something to a safe state before removing power...If letting drive/motor coast to a long stop is dangerous, then it is permissible to command the drive to a fast stop before disabling the drive.
 
To your original posting....

It is not a requirement to cut power to everything. PLC inputs can (and should) be kept alive during an estop. The inputs are not dangerous to personnel.

Additionally, not all outputs need to be killed - only ones that are essential to the estop condition. I typically have two types of PLC output cards:
1. Powered through an Estop contact. In the case of an estop, these output cards have no power. This is where I would typically wire motor starters, solenoid valves, etc. that must be killed during an estop.
2. Always powered. For certain, this is where I wire pilot lights and stack lights etc that should remain operational during an Estop. I might also have some motor starters and solenoid valves wired here as well.....If those devices are not required to be down during an estop. A thorough safety assessment needs to be done to determine the proper safe operation of all equipment.

As another twist, not all equipment needs to immediately lose power during an estop. Sometimes the safety assessment dictates that the best reaction is to control something to a safe state before removing power...If letting drive/motor coast to a long stop is dangerous, then it is permissible to command the drive to a fast stop before disabling the drive.

Thanks. After reading what everyone has posted I feel like I haven't quite worded what I was looking for or how the current set up is and where I'm trying to go with it. I'm on the right track now.

We are upgrading controllers and I am literally the only person in the shop with any sort of controls experience. I did meet with "big wigs" this morning about the safety concerns and they basically told me to figure it out cause that's what they pay me for so they aren't going to pay someone else to do it. The mechanical engineer and I have been working on it together to get things figured out.

After researching the safety relays I figured out that the way I had planned to wire the e-stop circuit is basically the same but just not in a compact package. I did not however think that any sort of power leaving the cabinet was allowable; changes will be made on that front.

I do like the idea for setting up the output cards in a different way like that. I will keep that in mind. I am also looking up the info for the safety standards for our needs here.

I know everyone has their own personal and professional preferences on these things and there is a minimum that things have to be done at. I appreciate the information greatly, just want to keep operators safe the correct way moving forward.
 
It is important to make the distinction between removing control power (24VDC, PLC outputs) to your hazards, and removing the potential ENERGY to your hazards (3-phase power to drives or motors, pneumatic or hydraulic pressure).

Removing control power only is only suitable for VERY basic machine safety requirements e.g. PLc, SIL1, Category 1, (i.e. Negligible or LOW risk - you might just hurt your finger).

Anything more dangerous than this and you MUST remove the ENERGY to your hazards by using safety contactors and safety pneumatic or hydraulic dump valves.

Whether these safety output devices are single channel or dual channel again depends on the risk level and frequency of occurrence to the hazard.
 
Depending on the level the E-Stop circuit is to be rated, will dictate how many channels to monitor. Add another contact for the PLC input and use lighted E-Stops. If one is pushed in, they all light up but the one that is pushed flashes its light.
 
As an American, I wish I could be offended by this comment. I really really wish I could. But...

+1

I try my darndest not to offer any safety advice for the simple reason that I am not qualified to design a safety system. I am learning more and more through discussions such as this one, and do appreciate the input given by those that have the knowledge and experience.

I know most of the industries I work in are very behind on adopting modern safety systems. I see much more safety integrated systems from Europe. BUT, it (almost) cracks me up with some of the Far-East 'safety' systems... :D
 
Other Considerations

Question on emergency stop circuit
________________________________________
Hello everyone. This is my first time designing a system from scratch. The system is for a rubber injection molding press. I have the PLC all put together, wired, most of the programming done, and I am working on figuring out the emergency stop circuit now. My understanding is that when you hit the emergency stop button all functions of the machine will cease and cuts all power to everything except the controller and HMIs. I have 2 voltages, 24VDC which powers all inputs, and 110VAC which powers my outputs coming from the PLC.

My main question is, how are you able to have any sort of indicator telling the operator that the emergency stop has been pressed (such as stack light, alarm siren etc.) without having some sort of output voltage going somewhere? Is it acceptable or common practice for this to be allowed? Our current machines were built with not much thought into these things and don't have any sort of indications that it has been pressed.

I currently have a pop up window on the HMI but that's it so far.
Thanks for your input and comments!

Talldude42,

I have an assumption that you are NOT designing a control system for a new rubber injection molding machine, but instead, are designing a new control system for an existing rubber injection molding machine. (Machinery modifier)

As we did in the past, we merely looked at the existing control system, and replicated it with newer components. The blind replacement with newer components, and replicating the electrical / hydraulic / mechanical design, while it achieves manufacturing requirements, leaves the end users at risk of injury.

You, and your employer, are MODIFYING a Vertical Clamp Injection Molding Machine. Your company will be held responsible to make sure that the controls retrofit satisfies all applicable CODES and CONSENSUS STANDARDS applicable at the time of remanufacture.

Your original question was related to Emergency Stop terminating power to output devices. This comment indicates that current RISK ASSESSMENT strategies are not being considered.

I am not trying to intimidate, conversely, I am trying to awaken, or heighten your awareness that this task is more than your responsibility, as a single individual, merely specifying electrical safety parts and deploying them. The entire machine control system electrical/hydraulic/mechanical, using TEAM based RISK assessment, and TEAM BASED risk abatement strategies.

There is an ANSI Document for Vertical Clamp Injection Molding Machines ANSI/SPI B151.29

There probably are numerous more ANSI / NEC / NFPA / OSHA / Etc… consensus standards applicable to your employer's retrofit controls upgrade plans. Your employer, as owner of the machinery, will be held responsible if the retrofit is not deployed to the industry consensus standards of the time of remanufacture.

Not trying to scare you off, actually, the opposite… all injection machines are aged, and the control systems are dying and obsolete. This is an opportunity to put new controls on, with an INCREASED and UP-TO-DATE SAFETY system.

Best regards,

Plastic
 
You need to assess the danger and select the level of protection (safety category). I suggest for moving machinery use cat 3 dual channel.
I suggest you have a main contactor feeding the 3 phase supplies to all 3ph contactors if used, each one of the contactors for motors, so if 3 x motors then 1 contactor for supply and 3 contactors, 1 for each motor. The N/C aux of all 4 contactors are put in series with the reset cct of the safety relay, so in the event of a failure of any contactor, i.e. welded in, the safety cct. will not re-energise. The use of dual channel gives extra protection should a safety switch or button weld one of the contacts.
You only need to disconnect supplies to moving parts, i.e. motors, solenoids driving pneumatics/hydraulics or any other moving parts. Leave PLC inputs powered and use aux contacts off any e-stop or guard switch to PLC inputs, and use them to indicate which button has been pressed or guard opened. Different countries may have different legislation regarding machine safety, and the design of these type of circuits should only be done by a competent person.
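A scan-by-scan simulation of the arrangement described in the post above (dual-channel e-stop chain, N/C auxiliary contacts of four contactors in series with the reset), added here as an illustration and not taken from any poster or product. All class and function names are constructed, the channel discrepancy check is simplified to a single scan, and the code models what a safety relay does rather than being logic to run in a PLC.

```python
from enum import Enum

class State(Enum):
    STOPPED = "stopped"   # outputs off, waiting for a valid reset
    RUNNING = "running"   # both channels closed, contactors energised
    FAULT = "fault"       # channels disagreed; reset is locked out

class EStop:
    """Constructed device model: two N/C contacts, one per channel."""
    def __init__(self, welded_a=False):
        self.pressed = False
        self.welded_a = welded_a   # simulated fault: channel A contact stuck closed
    def contacts(self):
        return (self.welded_a or not self.pressed, not self.pressed)

class SafetyRelayModel:
    """Simplified dual-channel monitor with contactor feedback in the reset path."""
    def __init__(self):
        self.state = State.STOPPED
        self._prev_reset = False
    def scan(self, estops, contactor_aux_closed, reset):
        pairs = [e.contacts() for e in estops]
        ch_a = all(a for a, _ in pairs)         # series chain, channel A
        ch_b = all(b for _, b in pairs)         # series chain, channel B
        edge = reset and not self._prev_reset   # a held reset button does nothing
        self._prev_reset = reset
        if self.state is State.FAULT:
            # Leave FAULT only once both channels have been seen open together.
            if not ch_a and not ch_b:
                self.state = State.STOPPED
        elif ch_a != ch_b:
            self.state = State.FAULT
        elif not ch_a:
            self.state = State.STOPPED
        elif self.state is State.STOPPED and edge and all(contactor_aux_closed):
            self.state = State.RUNNING    # every N/C aux closed: nothing welded in
        return self.state

def demo_welded_estop():
    """Welded channel-A contact: the press still stops, then reset is refused."""
    stops, relay, aux = [EStop(), EStop(welded_a=True)], SafetyRelayModel(), [True] * 4
    seen = [relay.scan(stops, aux, reset=True)]        # normal start
    stops[1].pressed = True
    seen.append(relay.scan(stops, aux, reset=False))   # press: only channel B opens
    stops[1].pressed = False
    relay.scan(stops, aux, reset=False)
    seen.append(relay.scan(stops, aux, reset=True))    # restart attempt
    return seen

def demo_welded_contactor():
    """One of four contactors welded in: its N/C aux stays open, no restart."""
    stops, relay, aux = [EStop(), EStop()], SafetyRelayModel(), [True, True, False, True]
    relay.scan(stops, [True] * 4, reset=True)   # start before the weld occurred
    stops[0].pressed = True
    relay.scan(stops, aux, reset=False)
    stops[0].pressed = False
    relay.scan(stops, aux, reset=False)
    return relay.scan(stops, aux, reset=True)
```

In the model the auxiliary feedback is only evaluated at reset, since the N/C contacts are open while the contactors are energised.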
 
I would do something like this


Please send inputs back to the PLC for each ESTOP for the maintenance guys and the people that come after you. If you have an HMI, build a screen to show maintenance and operators which E-STOP was hit.



We have quite a few machines that have 5-10 E-STOPS on them and the E-STOPS are series together back to a safety relay and that safety relay input goes back to the PLC but none of the Estops go back to the PLC.



We're in food manufacturing so the plant gets washed every night and there's always water in everything and this leads to an enormous amount of time troubleshooting E-STOPS because you have to take each one out blow it out try resetting and repeat until you find the one that's acting up.
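What per-device inputs make possible, as an added sketch that is not from any poster: first-out detection plus a chatter count that points at an intermittent contact of the kind described above. The tag names, the sample scans and the `chatter_limit` threshold are constructed, and this is diagnostic logic for the standard PLC program, separate from the safety relay chain.

```python
from collections import Counter

# Constructed tag names for five e-stop auxiliary contacts wired to PLC inputs.
NAMES = ["ES1_infeed", "ES2_filler", "ES3_capper", "ES4_outfeed", "ES5_panel"]

T, F = True, False
# Constructed sample: one tuple per PLC scan, True = aux contact closed (released).
SCANS = [
    (T, T, T, T, T),
    (T, T, F, T, T),   # ES3 drops out and recovers three times (intermittent)
    (T, T, T, T, T),
    (T, T, F, T, T),
    (T, T, T, T, T),
    (T, T, F, T, T),
    (T, T, T, T, T),
    (T, F, T, T, T),   # operator presses ES2
    (T, F, T, F, T),   # ES4 pressed afterwards while ES2 is still in
]


def analyse(scans, names=NAMES, chatter_limit=3):
    """Return (first_out, still_open, suspects) from per-scan aux-contact states."""
    prev = (True,) * len(names)
    first_out = []        # device(s) that opened first in the most recent trip
    opens = Counter()     # closed-to-open transitions per device
    for scan in scans:
        dropped = [n for n, was, now in zip(names, prev, scan) if was and not now]
        opens.update(dropped)
        if dropped and all(prev):
            first_out = dropped   # chain was healthy last scan: this is the cause
        prev = scan
    still_open = [n for n, ok in zip(names, prev) if not ok]
    suspects = sorted(n for n, c in opens.items() if c >= chatter_limit)
    return first_out, still_open, suspects
```

An HMI screen would show `first_out` and `still_open` directly; `suspects` is the list to hand to maintenance before pulling every button apart.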
 
Please do this for the maintenance guys and the people that come after you. If you have an HMI, build a screen to show maintenance and operators which E-STOP was hit.



We have quite a few machines that have 5-10 E-STOPS on them and the E-STOPS are series together back to a safety relay and that safety relay input goes back to the PLC but none of the Estops go back to the PLC.



We're in food manufacturing so the plant gets washed every night and there's always water in everything and this leads to an enormous amount of time troubleshooting E-STOPS because you have to take each one out blow it out try resetting and repeat until you find the one that's acting up.

Not only that, but always use lighted E-stops so you can tell just by looking! (I know lights fail, but LEDs are pretty robust)
 
We're in food manufacturing so the plant gets washed every night and there's always water in everything and this leads to an enormous amount of time troubleshooting E-STOPS because you have to take each one out blow it out try resetting and repeat until you find the one that's acting up.

I had the same problem... On the regular. I switched to using the Banner sealed E-Stop, it's like IP67, I think. It is amazing. I have 12 or so getting pressure washed every night and not 1 failed yet after a couple years of service. I'll never use anything else in a wash down environment.
 
